Security overview
ProdPad is a multi-tenancy SaaS tool that is hosted on AWS in the EU (Ireland). Single tenancy and on-premise versions are also available.
The security of the application is based on two concepts:
- Defense in depth
- Zero Trust
With defense in depth we use layers of protection (e.g. multiple different levels of firewall and access control) rather than rely on a single layer of security.
The Zero Trust model requires each person/entity to continually authenticate and authorize access. This also involves isolating different parts of the infrastructure from other parts and only opening ports/channels/methods that are needed.
In terms of backup and disaster recovery, we use Amazon's RDS to provide the database. RDS performs nightly backups that are stored in S3, and we also use point-in-time logging. This allows us to restore the database to within 1-5 minutes of when the database goes down. As we use AWS, we can re-create the instance of ProdPad, including app servers and database servers, in another region should there be an extended downtime in the current region. The app servers are maintained by Chef, allowing us to re-create an exact replica within minutes.
Finally, in terms of our internal processes and policy, we don't have easy access to your ideas and data (i.e. we can't simply log in as you to see what's in your account), and we only dig into the logs or the database when specifically required for troubleshooting. We don't resell or reuse your data in any way, nor do we have plans to (our business model is to provide tools to save you time and effort, not to attract advertisers or buyers like you'd expect from a free service, for example).
If you have any questions please drop us a line at hello@prodpad.com.